Social media links

Google+ to Shut Down Following Disastrous 500,000 Users Data Breach

Published October 9th, 2018 - 05:24 GMT

Struggling social network gets a minus for security. (Shutterstock)

Google has announced that it’s kicking its floundering social media platform Google+ to the curb, some seven years after it was first introduced. The decision comes after a Wall Street Journal report today revealed that the tech giant had been hiding the news of a massive security breach on the platform.

According to The Journal, Google discovered the data breach in March this year and, although the bug has since been patched, the company decided not to disclose the news for fear of “immediate regulatory interest” and potential reputational damage.

In the wake of the report, Google has seemingly decided that the platform’s time is up and will be shutting down consumer access to the social network. The company has stated that the closure will occur over the course of the next 10 months, and following the breach Google has also promised to boost user privacy for its other services.

Bug-gered up

That breach left the personal information of about 500,000 users exposed, and was caused by a bug on a People API on Google+. The Journal calls it a “software glitch”, but between 2015 and March 2018 (when it was finally patched) the hole gave third-party app developers potential access to user profiles that weren’t made public.

Google, however, claims that there is “no evidence that any developer was aware of this bug, or abusing the API” and that is has “found no evidence that any Profile data was misused”.

In addition to “sunsetting consumer Google+”, the company is making changes to APIs on its other services, which will limit the amount of access developers get to data on Android and Gmail.

Call logs and SMS permissions will no longer be sent to developers, while contact interaction data won’t be accessible via the Android Contacts API.

Google is also updating Gmail’s User Data Policy for the consumer version to limit access to user data.

Socially awkward

Google has admitted that adoption of the its social network and subsequent user engagement has been low, with 90% of Google+ user sessions lasting for less than five seconds.

Despite that, the company plans to keep Google+ operational as an enterprise product, allowing companies to use it as an internal communication platform for employees. Google has announced that it will be rolling out new features to make it a “secure corporate social network”.

These latest changes are also being implemented as part of a larger crackdown, in which the search giant is seeking to review and curb “third-party developer access to Google account and Android device data and of our philosophy around apps’ data access”. The undertaking is called Project Strobe, which looks “at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened”.